Quick Start

Get your first threat model generated in just a few steps.
1. Install Dependencies

Install Python 3.12+ and required packages:
pip install -r requirements.txt
2. Configure API Keys

Create local_config.py with your API keys:
default_nvd_api_key = "YOUR_NVD_KEY"
default_openai_api_key = "YOUR_OPENAI_KEY"
default_alienvault_api_key = "YOUR_ALIENVAULT_KEY"
Never commit API keys to version control. Add local_config.py to your .gitignore.
OpenAI API key:
  1. Visit OpenAI API Keys
  2. Click “Create new secret key”
  3. Copy the key (you won’t see it again)
  4. Cost: ~$0.10-0.50 per threat model

NVD API key:
  1. Visit NVD API Key Request
  2. Fill out the form with your email
  3. Check your email for the API key
  4. Free with rate limits (5 requests/30s without key, 50/30s with key)

AlienVault OTX key:
  1. Create account at AlienVault OTX
  2. Go to Settings → API Integration
  3. Copy your OTX Key
  4. Free tier available
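
A preflight check for the key file described in this step, as an added example that is not part of the project's own code. It reads local_config.py without executing it, flags missing or placeholder values for the three variable names shown on this page, and asks git whether the file is tracked or not ignored; the function names are hypothetical.

```python
import ast
import subprocess
from pathlib import Path

# Variable names and the YOUR_ placeholder prefix come from this page's listing.
REQUIRED_KEYS = ("default_nvd_api_key", "default_openai_api_key",
                 "default_alienvault_api_key")

def check_config_source(source: str) -> list[str]:
    """Inspect local_config.py text without importing (executing) it."""
    values = {}
    for node in ast.parse(source).body:
        # Only plain `name = "literal"` assignments are considered.
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    values[target.id] = node.value.value
    problems = []
    for name in REQUIRED_KEYS:
        value = values.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{name}: missing or empty")
        elif value.startswith("YOUR_"):
            problems.append(f"{name}: still the placeholder value")
    return problems

def check_git_exposure(path: Path) -> list[str]:
    """Report whether git tracks the file or fails to ignore it."""
    def git(*args):
        try:
            return subprocess.run(["git", *args], cwd=path.parent,
                                  capture_output=True).returncode
        except FileNotFoundError:  # git is not installed
            return None
    if git("rev-parse", "--is-inside-work-tree") != 0:
        return []  # not a git checkout (or no git): nothing to check
    if git("ls-files", "--error-unmatch", path.name) == 0:
        return [f"{path.name} is tracked by git"]
    if git("check-ignore", "-q", path.name) != 0:
        return [f"{path.name} is not matched by any .gitignore rule"]
    return []

if __name__ == "__main__":
    config = Path("local_config.py")
    if config.exists():
        found = check_config_source(config.read_text()) + check_git_exposure(config)
    else:
        found = ["local_config.py not found in the current directory"]
    for line in found:
        print("FAIL:", line)
    raise SystemExit(1 if found else 0)
```

Run it from the project root before launching the app or committing; a non-zero exit status means at least one check failed.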
3. Launch Application

Start the Streamlit interface:
streamlit run main.py
Navigate to http://localhost:8501 in your browser.
4. Create Your First Threat Model

Follow the 7-step guided process:

Step 1: Describe Your Application
  • Enter a detailed description of your application
  • Select application type (e.g., “Web application”)
  • Choose industry sector (e.g., “Finance”)
  • Specify authentication methods
  • Indicate if internet-facing
  • Classify sensitive data (High/Medium/Low)
Step 2: Select Technology Stack
  • Choose databases (e.g., PostgreSQL 14.0)
  • Select operating systems (e.g., Ubuntu 20.04)
  • Pick programming languages (e.g., Python 3.9)
  • Add web frameworks (e.g., Django 4.0)
Step 3: Generate Threat Model
  • Click “Generate Threat Model”
  • Wait 2-5 minutes for processing
  • Review 18 STRIDE threats with MITRE ATT&CK mappings
Step 4: Review Mitigations
  • AI generates specific mitigation strategies
  • Each threat gets tailored recommendations
Step 5: DREAD Risk Assessment
  • Threats scored on 5 dimensions (1-10 scale)
  • Risk scores calculated automatically
  • Threats sorted by priority
Step 6: Generate Test Cases
  • Gherkin-formatted security test cases
  • Ready for pytest-bdd, Cucumber, or Behave
Step 7: Download PDF Report
  • Comprehensive 20-40 page document
  • Includes all threats, mitigations, and test cases

What You Get

18 STRIDE Threats

3 threats per category with scenarios, impacts, and assumptions

MITRE ATT&CK Mapping

Each threat mapped to real-world attack techniques

CVE Data

Vulnerabilities from NVD for your exact technology versions

Threat Intelligence

Industry-specific threats from AlienVault OTX

Risk Scores

DREAD methodology for threat prioritization

Attack Trees

Visual attack path diagrams in Mermaid

Security Tests

Gherkin test scenarios ready to implement

PDF Report

Professional documentation for stakeholders

Example Application Description

Online banking platform with:
- User authentication via OAuth2 and MFA
- Account management and transaction history
- Bill payment and fund transfers
- Mobile app for iOS and Android
- RESTful API for third-party integrations
- PostgreSQL database for transaction records
- Redis for session management
- Deployed on AWS with ALB and Auto Scaling

Quick Troubleshooting

Error: “OpenAI API key is required”
Solution: Ensure local_config.py exists in the project root with valid API keys.

Error: “No MITRE ATT&CK data found”
Solution: Verify MITRE_ATTACK_DATA/ directory contains:
  • enterprise-attack.json
  • mobile-attack.json
  • ics-attack.json

Error: “Port 8501 is already in use”
Solution: Use a different port:
streamlit run main.py --server.port 8502

Error: “Rate limit exceeded”
Solution: Wait 60 seconds and retry. Consider upgrading your OpenAI API tier for higher limits.

Next Steps

Full Installation Guide

Detailed setup instructions for all environments

7-Step Process

Complete walkthrough of the threat modeling workflow

Interpreting Results

Understanding your threat model output

Troubleshooting

Common issues and solutions

Time Estimates

Activity | Duration
Installation | 5-10 minutes
API Key Setup | 5-10 minutes
First Threat Model | 15-20 minutes
Total | 25-40 minutes
Save time by having your application description and technology versions ready before starting.